Once users heed this fake warning, they download a rogue AV file contained in a password-protected archive. Of course, the archive is a malicious file , GFI identified this file as Trojan.Win32.Fakeav.tri(v).